xref: /aosp_15_r20/external/cronet/net/cert/known_roots.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/cert/known_roots.h"

#include <string.h>

#include <algorithm>

#include "base/check_op.h"
#include "net/base/hash_value.h"
#include "net/cert/root_cert_list_generated.h"

namespace net {

namespace {

// Comparator-predicate that serves as a < function for comparing a
// RootCertData to a HashValue
struct HashValueToRootCertDataComp {
  bool operator()(const HashValue& hash, const RootCertData& root_cert) {
    DCHECK_EQ(HASH_VALUE_SHA256, hash.tag());
    return memcmp(hash.data(), root_cert.sha256_spki_hash, 32) < 0;
  }

  bool operator()(const RootCertData& root_cert, const HashValue& hash) {
    DCHECK_EQ(HASH_VALUE_SHA256, hash.tag());
    return memcmp(root_cert.sha256_spki_hash, hash.data(), 32) < 0;
  }
};

const RootCertData* GetRootCertData(const HashValue& spki_hash) {
  if (spki_hash.tag() != HASH_VALUE_SHA256)
    return nullptr;

  auto* it = std::lower_bound(std::begin(kRootCerts), std::end(kRootCerts),
                              spki_hash, HashValueToRootCertDataComp());
  if (it == std::end(kRootCerts) ||
      HashValueToRootCertDataComp()(spki_hash, *it)) {
    return nullptr;
  }
  return it;
}

}  // namespace

int32_t GetNetTrustAnchorHistogramIdForSPKI(const HashValue& spki_hash) {
  const RootCertData* root_data = GetRootCertData(spki_hash);
  if (!root_data)
    return 0;
  return root_data->histogram_id;
}

bool IsLegacyPubliclyTrustedCA(const HashValue& spki_hash) {
  const RootCertData* root_data = GetRootCertData(spki_hash);
  return root_data && root_data->legacy_ca;
}

}  // namespace net